Large Language And Vision Assistant

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2024-9311 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Large Language And Vision Assistant
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-12070 HIGH POC This Week

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Large Language And Vision Assistant
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-11449 HIGH POC This Week

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass Large Language And Vision Assistant
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2024-9311
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Large Language And Vision Assistant
NVD
CVE-2024-12070
EPSS 0% CVSS 7.5
HIGH POC This Week

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Denial Of Service Large Language And Vision Assistant
NVD
CVE-2024-11449
EPSS 0% CVSS 7.5
HIGH POC This Week

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SSRF Authentication Bypass +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy